pass a signer option to tessera

personalities/sctfe/ct_server_gcp/main.go

@@ -42,9 +42,11 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/rs/cors"
 	"github.com/tomasen/realip"
+	tessera "github.com/transparency-dev/trillian-tessera"
 	"github.com/transparency-dev/trillian-tessera/personalities/sctfe"
 	"github.com/transparency-dev/trillian-tessera/personalities/sctfe/configpb"
 	"github.com/transparency-dev/trillian-tessera/storage/gcp"
+	"golang.org/x/mod/sumdb/note"
 	"google.golang.org/protobuf/proto"
 	"k8s.io/klog/v2"
 )
@@ -294,14 +296,14 @@ func setupAndRegister(ctx context.Context, deadline time.Duration, vCfg *sctfe.V
 	return inst, nil
 }
 
-func newGCPStorage(ctx context.Context, vCfg *sctfe.ValidatedLogConfig) (*sctfe.CTStorage, error) {
+func newGCPStorage(ctx context.Context, vCfg *sctfe.ValidatedLogConfig, signer note.Signer) (*sctfe.CTStorage, error) {
 	cfg := vCfg.Config.GetGcp()
 	gcpCfg := gcp.Config{
 		ProjectID: cfg.ProjectId,
 		Bucket:    cfg.Bucket,
 		Spanner:   cfg.SpannerDbPath,
 	}
-	storage, err := gcp.New(ctx, gcpCfg)
+	storage, err := gcp.New(ctx, gcpCfg, tessera.WithCheckpointSignerVerifier(signer, nil))
 	if err != nil {
 		return nil, fmt.Errorf("Failed to initialize GCP storage: %v", err)
 	}

personalities/sctfe/instance.go

@@ -31,15 +31,16 @@ import (
 	"github.com/google/certificate-transparency-go/x509util"
 	"github.com/google/trillian/crypto/keys"
 	"github.com/google/trillian/monitoring"
+	"golang.org/x/mod/sumdb/note"
 )
 
 // InstanceOptions describes the options for a log instance.
 type InstanceOptions struct {
 	// Validated holds the original configuration options for the log, and some
 	// of its fields parsed as a result of validating it.
 	Validated *ValidatedLogConfig
-	// CreateStorage instantiates a Tessera storage implementation.
-	CreateStorage func(context.Context, *ValidatedLogConfig) (*CTStorage, error)
+	// CreateStorage instantiates a Tessera storage implementation with a signer option.
+	CreateStorage func(context.Context, *ValidatedLogConfig, note.Signer) (*CTStorage, error)
 	// Deadline is a timeout for Tessera requests.
 	Deadline time.Duration
 	// MetricFactory allows creating metrics.
@@ -146,12 +147,19 @@ func setUpLogInfo(ctx context.Context, opts InstanceOptions) (*logInfo, error) {
 		return nil, fmt.Errorf("failed to parse RejectExtensions: %v", err)
 	}
 
-	storage, err := opts.CreateStorage(ctx, opts.Validated)
+	logID, err := GetCTLogID(signer.Public())
+	if err != nil {
+		return nil, fmt.Errorf("failed to get logID for signing: %v", err)
+	}
+	timeSource := new(SystemTimeSource)
+	ctSigner := NewCTSigner(signer, vCfg.Config.Origin, logID, timeSource)
+
+	storage, err := opts.CreateStorage(ctx, opts.Validated, ctSigner)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create storage backend: %v", err)
 	}
 
-	logInfo := newLogInfo(opts, validationOpts, signer, new(SystemTimeSource), storage)
+	logInfo := newLogInfo(opts, validationOpts, signer, timeSource, storage)
 	return logInfo, nil
 }
 

personalities/sctfe/instance_test.go

@@ -30,6 +30,7 @@ import (
 	"github.com/google/trillian/crypto/keyspb"
 	"github.com/google/trillian/monitoring"
 	"github.com/transparency-dev/trillian-tessera/personalities/sctfe/configpb"
+	"golang.org/x/mod/sumdb/note"
 	"google.golang.org/protobuf/types/known/anypb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
@@ -38,7 +39,7 @@ func init() {
 	keys.RegisterHandler(&keyspb.PEMKeyFile{}, pem.FromProto)
 }
 
-func fakeCTStorage(_ context.Context, _ *ValidatedLogConfig) (*CTStorage, error) {
+func fakeCTStorage(_ context.Context, _ *ValidatedLogConfig, _ note.Signer) (*CTStorage, error) {
 	return &CTStorage{}, nil
 }